access into your networks, applications, systems and data. A key part of this is protecting your organization's electronic perimeter using various techniques, such as firewalls, virus detection, and intrusion detection systems. But their activities are even more complex than that. In this article we'll examine the "infosec" activity and how information security policies interface with disaster recovery (DR) and business continuity (BC) professionals.

Information security often involves devices that analyze incoming and outgoing data packets, and devices that monitor overall systems and network performance and how they could be impacted by a security breach.

Information security departments typically have a set of policies and procedures that govern their daily activities. Audit controls, such as those specified in ISO/IEC 27001:2005, and the global infosec standard, should also be in place. Compliance with ISO/IEC 27001 is increasingly important for organizations of all sizes and helps to ensure that methods for protecting their firm's infrastructure are consistent.

Additional information security activities include:

24/7 monitoring of all elements of the firm's internal and external networks, firewalls and access points for information ingress and egress.

As a disaster recovery professional, your input to and unique perspective on security activities could be valuable to your infosec colleagues, and can increase your value to the company. Your involvement can also help you increase your knowledge of this important risk-related activity, and it should be a strategic element in your long-term professional growth.

Relationship to business continuity and disaster recovery professionals

By regularly exchanging information about threats, vulnerabilities and how they can be addressed, information security and disaster recovery professionals can provide added value to the organization. By sitting on each other's planning committees, as well as the firm's risk organization, each discipline can bring its benefits to the firm. Furthermore, if information security and disaster recovery professionals share their expertise with each other, that can ensure that both groups are aligned with each other's strategic and operational goals.

While the two functions overlap somewhat from planning and operational perspectives, infosec deals with ongoing and immediate threats, while BC/DR prepares for potentially serious business interruptions. Cross-training and rotating positions between the two organizations are two good ways to share experiences and to establish a backup staff in case of an emergency.

Both BC/DR and information security are responsible for protecting the company's ability to stay in business. Therefore, it's a good idea to identify opportunities for joint projects, such as operational assessments of the firm's external and internal risks or a supply chain assessment using each group's unique perspectives. By strategically combining the results of such an assessment, management will have a more precise view of the firm's current risk position, and will be better able to precisely target investments that will preserve and protect the organization. Furthermore, regular joint meetings of all risk-related departments can provide broader insights into the company's risk health than if those units operated independently of each other.

This independent, or "silo," mentality is more often the norm for many businesses than the exception. It's probably the most difficult situation to overcome in a business setting. It takes real leadership -- both from senior management and department leaders -- to break down the barriers to collaboration. By doing this, each of these specialized units -- as well as the company -- can benefit.

About this author: Paul Kirvan, CISA, CSSP, FBCI, CBCP, has more than 20 years' experience in business continuity management as a consultant, author and educator. He is also secretary of the Business Continuity Institute USA Chapter.
